Beefing up public-key encryption
MIT researchers show how to secure widely used encryption schemes against attackers who have intercepted examples of successful decryption.

Most financial transactions on the Internet are safeguarded by a cryptographic technique called public-key encryption. Where traditional encryption relies on a single secret key, shared by both sender and recipient, public-key encryption uses two keys that are mathematically related. One, the public key, is published on the Internet, and any sender can use it to encrypt a message; the second, the private key, is known only to the recipient and is required for decryption.

Standard public-key encryption is secure as long as an attacker knows nothing other than the public key. But financial institutions and other large organizations seek security against more sophisticated attacks, called chosen-ciphertext attacks (CCAs), in which the attacker can also obtain decryptions of ciphertexts it chooses. Unfortunately, public-key encryption schemes that are resilient against CCAs are hard to devise.
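To make the gap between the two threat models concrete, here is an added example (not code from the article or from the MIT researchers) using toy textbook ElGamal: the scheme hides the message from an attacker who holds only the public key, yet an attacker who can get other ciphertexts decrypted recovers the message without ever learning the private key. The group parameters and the message are constructed for illustration only.

```python
# Added illustration of why CCA resilience matters: textbook ElGamal over a
# tiny constructed group. Randomised encryption keeps the message hidden from
# an attacker who knows only the public key, but the ciphertext is malleable,
# so access to decryptions of *other* ciphertexts leaks the message.
import secrets

P = 1019   # small prime, constructed for the example: 1019 = 2*509 + 1
Q = 509    # prime order of the subgroup we work in
G = 4      # 4 = 2^2 is a quadratic residue mod P, so it generates the order-Q subgroup

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key
    return x, pow(G, x, P)                    # (private, public)

def encrypt(pub, m):
    """Textbook ElGamal: fresh randomness r per message, no integrity check."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(pub, r, P)) % P

def decrypt(priv, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - priv, P)) % P   # c2 / c1^x, inverse via Fermat

class DecryptionOracle:
    """Models the CCA setting from the article: the attacker may request
    decryptions of any ciphertext except the challenge it is trying to read."""
    def __init__(self, priv, challenge):
        self.priv, self.challenge = priv, challenge

    def query(self, ct):
        if ct == self.challenge:
            raise ValueError("refused: that is the challenge ciphertext")
        return decrypt(self.priv, ct)

def cca_recover(challenge, oracle):
    """No private key involved: scale the challenge into a different ciphertext
    of a related message (m*s), have that decrypted, then divide s back out."""
    c1, c2 = challenge
    s = 2                                     # any known multiplier works
    related = (c1, (c2 * s) % P)              # a valid encryption of m*s
    m_times_s = oracle.query(related)         # oracle accepts: it is not the challenge
    return (m_times_s * pow(s, P - 2, P)) % P

if __name__ == "__main__":
    priv, pub = keygen()
    ct = encrypt(pub, 123)
    print(cca_recover(ct, DecryptionOracle(priv, ct)) == 123)   # True
```

A CCA-resilient scheme is one where such a related ciphertext either cannot be formed or is rejected by the decryptor, which is exactly the property the article says is hard to achieve.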

